podman security update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

CVE-2020-10897

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

EUVD-2020-5866

Malware in sbrugna...

EUVD-2020-25823

Malware in sbrugna...

EUVD-2018-0695

Malware in sbrugna...

EUVD-2021-20652

Malware in sbrugna...

EUVD-2019-0693

Malware in sbrugna...

EUVD-2016-5373

Malware in sbrugna...

EUVD-2016-3087

Malware in sbrugna...

EUVD-2020-4730

Malware in sbrugna...

EUVD-2016-5385

Malware in sbrugna...

EUVD-2013-2847

Malware in sbrugna...

EUVD-2023-41943

Malicious code in bioql PyPI...

EUVD-2023-1273

Malicious code in bioql PyPI...

EUVD-2021-8421

Malicious code in bioql PyPI...

EUVD-2022-27477

Malicious code in bioql PyPI...

EUVD-2023-46551

Malicious code in bioql PyPI...

CVE-2025-9114

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

SUSE CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...